OSCommerce Security

Forum Moderators: buckworks

Message Too Old, No Replies

OSCommerce Security

... how safe is it?

BeeDeeDubbleU

8:00 am on Sep 6, 2006 (gmt 0)

I have a PHP developer who installs OSCommerce packages for me. It's a great system and the sites have all turned out well. I don't do much PHP myself and while we have not had any problems I am not sure how safe the sites are.

Can anyone offer advice on how secure OSCommerce really is? Is there a continuing update process that we should be using and if so do you charge your clients for this?

badass101

8:43 am on Sep 6, 2006 (gmt 0)

There was a new security rollup released recently for osCommerce 2.2 Milestone 2 (the standard release for the last few years).

You should look at applying this rollup. The code changes aren't too bad, and there are diff/patch files available if you're familiar with automated patching tools - this makes the process pretty painless.

I'm about to patch up a bunch of my shops - but need to sort out charging the clients that don't have maintenance or don't put much business our way.

badass101

8:45 am on Sep 6, 2006 (gmt 0)

Oh, forgot the useful link...

Text details of changes to files is here:
[oscommerce.com...]

If you want to download the full package then grab it (which includes the patch/diff files) from here:
[oscommerce.com...]